Data Protection Commission to begin active enforcement of the Data Protection Act 843; defaulting firms face fine or prison term

0

The Data Protection Commission will today August 14, 2023, begin active enforcement of the Data Protection Act 2012 (Act 843).

This means businesses that have failed to register with the Commission as Data Controllers

but are processing personal data are liable to summary conviction to a fine or a term of imprisonment.

Falling under the radar for non-compliance include Hisense Group and Mawarko Fast Food out of many others on the compiled list for prosecution.

In a statement, the Data Protection Commission said it intends to recover some millions of cedis owed the state by non-complying authorities that have been notified of their legal obligations but have failed to act in compliance with Act 843.

“Due to the sensitive nature of personal data and the reality that data is the new oil, issues relating to data subject rights and data controller responsibilities requires compliance to an existing legal framework that ensures that data subject privacy rights are not violated in the pursuit of making giant business strides on the back of processing of personal by data controllers”, it explained.

The Data Protection Act 2012(Act 843) outlines what constitutes lawful processing, exempt processing, the scope and duties of data controllers, data processors, functions of the Data Protection Commission, and data subjects’ rights.

It balances the need to ensure privacy rights with the rights of the State to remain inviolable, maintain law and order, function effectively, and protect its citizens effectively.

Anticipating the widely publicised enforcement action, enforcement officers from the Data Protection Commission accompanied by police officers visited the premises of some companies to pick up the ultimate decision makers or directors in the absence of the former for questioning and further sanctioning arrangements for failing to comply with the (Act 843).

The enforcement action by the Commission will continue to ensure that all businesses processing personal data assume their legal obligations under the Data Protection Act 2012 (Act 843).

Leave A Reply

Your email address will not be published.